Near Field Communication (NFC) is a proximity communication technology that can enable contactless device payment technologies and that is supported by the Global System for Mobile Communications (GSM) Association. Radio frequency identification (RFID) is another wireless communication technology that can be adapted to enable NFC smart card payment technology. NFC communication generally is conducted in a range from about 3 to about 4 inches. Such short communication distances enable secure communication between close field proximity enabled devices. In operation of an NFC transaction, a user “taps” a device, such as an NFC-enabled mobile phone or NFC-enable smart card, to a reader. The reader recognizes the NFC-enabled device when the device is moved within range of the reader, establishes a secure communication channel with the device, and initiates a payment transaction between the reader and the device.
Smart cards are devices with an embedded integrated circuit (for example, a microprocessor and/or memory) for use as storage of data. Smart cards typically are credit card sized electronic devices that have a variety of uses and can be utilized in any transaction that involves the exchange of data or information. Smart card technology has been particularly useful in financial transaction systems. Smart cards generally do not include a data entry device for direct entry of data. Instead, a smart card is used in conjunction with a card reader and/or an input device. Traditionally, a smart card is linked to a financial account or contains financial account information. Consequently, when the smart card is used, the reader receives the financial account information and conducts a debit transaction from the financial account, requiring network access to process the on-line transaction. Such conventional smart cards are inoperable when access to a network or to specific computers on the network is not available.
Fraud is an ever-growing problem with the use of smart card technology. For instance, a malicious user may rollback the balance on a smart card to a previous saved state, thus removing withdrawal transactions occurring after the last saved state. Also, it may be difficult for the merchant or financial institution to verify that the actual cardholder is authorizing the smart card purchase. Because cards may be produced in bank card number (BIN) ranges, not randomly generated numbers, it is possible for an attacker to obtain one good card number and generate additional valid card numbers by changing the last digit(s) of the card number, thereby allowing an attacker to use someone else's card. Common methods to combat fraud include requiring submission of a copy of the physical card or of the three/four-digit card verification number (CCV). The CCV scheme, for instance, was established by credit card companies in efforts to reduce fraud for internet transactions. However, the CCV number is printed on the face or backside of the card and is limited by the number of possible three/four-digit combinations.